It is common practice in the prior art, in the gaming machine environment, that verification of a device may occur by testing the entire contents of a read only memory (ROM) containing the application software for the device to ensure that tampering has not occurred, after a prize is won during game play. An abbreviated bit string is computed from the gaming application program and stored in a secure ROM that is separate from the ROM where the gaming application is stored before deployment of the gaming machine. When the gaming machine is started, or at times when verification is desired, for example, after a win occurs during game play, a verification program calculates another abbreviated bit string from the contents of the ROM wherein the gaming application program is stored, and the previously computed abbreviated bit string stored in the secure ROM is used with the newly-calculated abbreviated bit string to verify the gaming application program.
Such a verification system may be adequate where the media on which the gaming application is stored is read-only, and therefore difficult to alter, and where there is little danger that the other components of the device can be compromised to breach security, such as a casino with 24-hour surveillance. However, such constant surveillance is not always available, both inside and outside the gaming industry, and as technology advances, it becomes more difficult to rely on these safeguards. Furthermore, the shortcomings of prior systems become more prevalent when several devices are connected over a network.
Accordingly, there has been a long existing need for enhanced verification of devices, and more enhanced self-critical analysis of their components other than just the application software.